[Samba] Debugging a groups permission problem

John Mulligan phlogistonjohn at asynchrono.us
Mon Mar 7 14:51:50 MST 2011

Hello samba list,

I've run into a rather strange problem at one of our deployments, and
after trying a few ideas myself are turning to you to see if you have
any suggestions for my next step.

The problem: We're currently running samba 3.5.6 as a file server joined
to an active directory. We set up acls that say group "foo" has r/w access
to a directory. A user "userA" attempts to access that folder and fails
even though the active directory server shows he is in that group.
I've gone through the samba system checking the output of wbinfo
and the getent, groups and id command; they all show that "userA" is
in the supplementary "foo" group. I also turned up the logging and
verified that the results of the "supplementary groups" in the log
show the GID of the "foo" group when "userA" connects.

Can you suggest to me what else I should be looking at? We've re-run this
test by stripping out all acls (nt and posix) and just using permissions.
Unless this particular user is the owner or the primary group the
user can not access this directory.
It feels as if the supplementary group is being "ignored" for this case,
but I don't know why and I have run out of ideas. Searching google does not
seem to turn up anything relevant at this point, either. I would greatly
appreciate any help investigating what is going on with this system.

Thank you all for your assistance.
--John M.

More information about the samba mailing list